
Comment Re:Slippery Slope.. or is it? (Score 1) 284

Also, the text of the 1st amendment starts "Congress shall make no law". Nothing in there applies to private entity. The first amendment has *nothing* to do with this case.

Correct. There is no right to free expression guaranteed in the US Constitution, despite the many people who seem to think it's penciled in there somewhere. The right explicitly guaranteed in the US Constitution is the right to expression that is free from government interference. The Constitution bars the government from restricting expression unless it has an overriding state interest to do so (i.e. the canonical yelling "Fire" in a crowded theater). But the Constitution does not allow the government to compel a private person or institution to regulate its speech in general; in fact that is precisely what the First Amendment bars the government from doing. Absent an overriding state interest to do so, the government cannot force Baidu to provide a specific kind of speech, or prevent them from eliminating certain kinds of speech from its output.

Comment Re: No. (Score 5, Insightful) 246

Any public URL that is unencrypted is not a secret. Snooping on plaintext is not snooping at all. And he had no legal requirement to notify AT&T first. Besides, even if he had, they don't care about security until it goes viral. I notified them of an information leak on their iOS translation app that allowed other apps access to your translations and location data. Not only were they unable to figure out who was responsible for the app, they ultimately told me to call Apple. I tried the support for the app as well as customer service. I emailed their PR rep too. Zero response.

I'm really uncomfortable with that logic. First of all, saying that if all it takes is typing in a URL, then of course it's public, belies a level of ignorance just as high as the government's in this case. "Just a URL" in the modern internet could be anything. SQL injection is programmatic hijacking of a database server, but it often requires "just a URL." Buffer overflow attacks require just a URL; many Apache worms required just a URL to propagate because of the way URL content can be processed. "Just a URL" is like saying all programs are just Notepad documents. It cannot be the case that "if I can get there, then I get to take whatever I want" is the rule of the internet. I read in another article the analogy that AT&T basically put the material on a library bookshelf for anyone to read. That's not a good analogy: a better analogy is that weev went to a public library, found that someone forgot to lock the door to the reserve stacks, and decided to go in there and take a bunch of books home with him just because he could.

That is not the person I want to be the flag-bearer for my sense of fairness.

Second, giving anyone who points out a failing in others a free pass to point it out by any means is also something I'm really uncomfortable with. If it's okay when done to big companies like AT&T and Apple, then it's just as okay to do to smaller organizations like your neighborhood grocery store, or your house.

Comment Re:Jenny McCarthy (Score 2) 395

Or cynicism. Just because a lot of crackpots believe something, that is no guarantee that it is not true. There was a conspiracy theory, dismissed by most rational people, that the government was monitoring our email and phone calls. Then it turned out to be true.

Since there are a million conspiracy theories, some will end up being at least partially true by random chance. Even here it's hard to give credit to the conspiracy nuts, because very few of them believed the government monitoring was specifically of the character revealed by the Snowden leaks.

I'm pretty sure if you try hard enough, you can find a Nostradamus quatrain that predicts the NSA monitoring. That doesn't add credibility to Nostradamus, it just means when that many monkeys bang on keyboards, eventually some of it will start to rhyme.

No amount of conspiracy nuts believing in something makes it true, and no amount makes it false. If they were always exactly wrong, we could use them as bizarro truth meters. What they are is nuts, and contain as much useful information as atmospheric noise.

Comment Re:You keep using that word (Score 1) 479

> The difference between "idiot" and "at fault" is huge.

It depends on the environment. In some environments, you will be punished for leaving your valuables unsecured. It is considered bad policy to tolerate idiots that invite thieves.

The meat space equivalent of what this idiot journalist does is illegal in some jurisdictions.

But that would make the person who stole the information no less culpable. Criminals are criminals no matter how easy their victims were to exploit.

On the subject of the author having no credibility because of her insecure practices, she certainly has no credibility as a security expert, but the article isn't a security primer. It's an advocacy piece from the perspective of being a victim of a computer crime, which requires no competency in security. I think her points are valid. In spite of a few high-profile prosecutions, the tech community at large tends to over-romanticize criminal activity in certain areas, and I think that encourages others to participate in and perform those kinds of activities. I think there's a vicarious thrill we get when computer criminals demonstrate what we tend to believe: that most computer users are idiots, that most IT departments are inept, that security isn't taken seriously enough, that computer skills tend to be underappreciated, and that news organizations are completely oblivious.

It gives all hackers and IT professionals in general a bad name; it's just that most of us don't care.

Comment Re:Also time to stop (Score 1) 479

glorifying actors, sports figures, politicians, generals, soldiers, writers, artists, architects, Canadians, cooks, race car drivers, the old, children, dogs, accountants, spies, computer programmers, cowboys, drug smugglers, and the disabled.

I don't mind glorifying actors and dogs. The problem isn't glorifying hackers; the problem is giving criminals a pass when they are using hacking techniques. In much the same way we shouldn't give actors and other famous people a pass when they commit crimes, someone who uses a computer to steal information from other people or cause them harm is a criminal and should be treated as such.

There should be recognition of proportionality. Someone who pokes around on Facebook or Instagram and finds a major security hole, reports it to the companies, and takes no action for personal gain or which harms their users should be treated far differently from someone who steals user information and blames the target for having insufficient security measures. That's like shooting someone and blaming them for being insufficiently bulletproof.

Comment Re:Firefox OS Will Become the Mobile OS To Beat (Score 3, Interesting) 205

Firefox OS Will Become the Mobile OS To Beat

Flamebait and hopelessly wrong.

I wouldn't go that far. It's entirely possible that Firefox OS could become a major player in the market segment the article indicates. The problem is that saying "...will become the Mobile OS to Beat" implies the major players like Android, iOS, and Windows even want to win that game in the first place. Absolutely there are lots of people who cannot afford the top-of-the-line smartphones out there, and it would be nice if someone serviced their needs, but the problem is time. In time, technology will improve and costs will continue to drop relative to computing power. It's very dangerous to target a market Moore's Law is scheduled to destroy.

For Firefox OS to be the mobile OS "to beat" requires a lot of things to happen that aren't trivial exercises. First, Firefox OS has to become the dominant player in the low-end market. Second, it has to achieve a level of brand loyalty comparable to iOS and significantly higher than Android itself (Android users are typically more loyal to their smartphone manufacturer than to the operating system itself, in my experience). It then has to be able to parlay that brand loyalty into a way to maintain its hold on those users as the smartphone industry advances to the point where the $20 phone of tomorrow is the $600 phone of today. And it must do this in a way that doesn't give the major players an easy way to encompass Firefox's feature set: if Firefox OS's major innovations are based on open standards and HTML5 applications, anything it can do today Android and iOS could easily do tomorrow if they wanted to.

So much has to go right besides "sell a lot of low-end feature phones" that to me it would be like predicting that the company that supplies most of the paper used to print air travel tickets in kiosks was a threat to take over the entire travel industry in a decade.

Comment Re:i interpret it to mean (Score 1) 497

all attempts to disprove it have failed and until evidence can be presented to disprove or bring the results into question it is settled

I take the more nuanced stance that a scientific matter is "settled" when all reasonable avenues of refutation have been performed and failed, and when sufficient independent avenues of confirmation have been achieved, where "sufficient" is judged relative to the complexity and the range of the scientific theory. In other words, it's not enough that it hasn't been disproved, but that sufficient attempts to do so have failed. General Relativity, for example, has obviously never been refuted, but I wouldn't consider it to have been a reasonably settled matter until relatively recently. Fifty or a hundred years ago, the tools and observational power didn't exist to make enough of an attempt to disprove it.

Newtonian gravitation is settled in the sense that in the areas where we deem it to make valid predictions, all the different ways it can be confirmed have netted confirmation, and all reasonable avenues of refutation within its ability to make predictions have failed. Where Newtonian gravity fails are the areas that are described by special and general relativity, and those theories place limits upon the range of behavior over which we accept that Newtonian gravity will generate reasonably correct results.

I also make a distinction between scientific statements and scientific theories being settled. It's often the case that there's an intermediate step between "observation" and "theory" when a point of scientific fact cannot be determined by simple observation. For example, whether the universe is expanding is more a statement of reality than a scientific theory. However, it's not a fact that is directly easy to observe. Often science has to combine large numbers of observations and analysis to determine whether a statement of fact is true or false. I believe the statement that the universe is expanding is considered settled due to the large number of independent confirming observations and a lack of any other reasonable explanation for those observations. *Why* the universe is expanding and the mechanisms for that expansion are more the realm of scientific theory. Cosmological expansion and inflation are the theories used to explain observed expansion, and I think those theories are not completely settled. It's more precise to say they are "settled for now" insofar as if they are false, we currently don't have the tools to refute them.

Comment Re:Good if they succeed. (Score 1) 132

Totally agree, but I should note that the exact same thing happens in the private sector. I've seen salesmen threatening customers with dropping support for, say, the ERP, if they did not push a competitor out in an altogether unrelated section of the business like hardware, OS or even collaboration tools.

Indeed. The problem is that the power generally lies with those with the technical expertise, and those people overwhelmingly end up with vendors and not customers. Of course, if they had a sense of professional ethics, that would also act to solve the problem. I'm not hopeful.

Comment Re:Yes they did. (Score 1) 572

1. Generic porn sites tend to also have a far higher frequency of adware and malware content than normal.

Then they should also block religious sites because they seem to contain more malware.

Perhaps they should. However, in general in the real world people make these decisions based on a combination of all the relevant factors, and the act of blocking all religious sites has other potential issues besides malware filtering.

Comment Re:Is that legal in the UK? (Score 4, Insightful) 306

Oops, just reread. Yeah, they can charge for the service of installing Firefox - they're not selling the browser, they're selling the effort to install it.

Dell is skating on thin ice, because they aren't installing Firefox. They themselves admit that "the fee would cover the time and labour involved for factory personnel to load a different image than is provided on the system’s standard configuration." In effect, Dell is charging customers to have their PC loaded with image A rather than image B, and that seems much more like "software distribution" than "installation." If a dude was actually sitting in a factory installing Firefox on that machine, Dell could legitimately charge for that service. But that's not what's happening.

In fact, it's common practice for bundled software to be loaded in a pre-installation state, so that the software actually installs and is configured when the user first logs in. If that's the case, then the actual act of installation occurs when the customer first powers the system on. Dell would only be copying the software binaries onto the PC as part of the factory build. And if that's the case here, Dell isn't "installing Firefox" by any reasonable definition of the words.

Comment Re:Yes they did. (Score 2) 572

It's legal because the computer isn't the employee's. The company owns the computer sending the transmission, the copper from the computer to the inspection hardware, pays for Internet access, and writes policies that computer and Internet usage is for work-related purposes only and all usage is subject to security measures including traffic inspection.

Careful: the first part of that statement is false in the US; it's only the last part that I've highlighted that makes it legal. The US has wiretapping laws that prevent unauthorized tapping of communications. Nothing in the law refers to ownership: otherwise the phone company could listen to anyone's phone calls whenever they wanted to because they own all the gear. Even in the workplace, when you use the company computer and the company network, there are still protections in place for private communications, and businesses can be sued for violating those rights. There are exceptions, and it would be wise for IT professionals to know what they are. For example, there is an explicit exemption for business-related email. However, there isn't the same clear-cut exception for private email. There is an exemption for traffic intercept that is necessary to provide fundamental services, which is why corporate firewalls aren't violating the law every time they inspect a packet. However, if I, a network admin, Wireshark a bunch of packets to troubleshoot a network issue and happen to capture some employee's private chat traffic, so long as I don't deliberately read it more than necessary I'm in the clear. If the boss of the company takes those traces off my computer and uses them to read everyone's chat logs, he could be in violation of the law if he has no specific need to do that as a fundamental part of keeping the network functional. The fact that he's "the boss" means exactly jack-squat.

The big exception is party consent. If an employee is required as a part of their job to read and sign an AUP, and that AUP states that the employee must consent to monitoring when corporate assets are used, then if the employee consents to that, the law prohibiting wiretapping their traffic would no longer apply. Which is why you should never monitor employees' network traffic in secret. You're safer videotaping (but not audio recording) them in secret than tapping their network traffic, because one of those is a potential Federal crime.

Comment Re:Yes they did. (Score 2, Insightful) 572

Why is watching 4 minutes of porn worse than 4 hours of BBC news? One giggled perhaps a bit and the other did not work for half a day. To me the second is way worse.

Straw man. Most organizations don't have a usage policy that says four wasted hours of streaming video is ok. However, many have instituted filters for porn specifically because:

1. Generic porn sites tend to also have a far higher frequency of adware and malware content than normal.
2. People have been sued for promoting a hostile workplace environment due to porn, but no one to my knowledge has been sued for promoting an overly British workplace.
3. Many companies are uncomfortable with overtly adult and pornographic media in the workplace in general, irrespective of lost time.
4. It's possible to envision situationally justifying viewing BBC news in many corporate environments, putting it in the grey area of possibly legitimate usage. It's almost never possible to envision a similar situation occurring for porn.

Comment Re:Yes they did. (Score 2) 572

I wonder what the company would say if an unscrupulous network admin steals the bank information from a bunch of employees and robs them?

I'm not sure "my system, my rules" would go very far in court.

In general, so long as the company took reasonable (not absolute) steps to implement safeguards to prevent such a theft, the law is pretty clear that intercepting and inspecting network traffic for legitimate corporate network management or policy enforcement purposes is legal.

For those that believe this sort of thing is and should be completely illegal, it's not so simple. It is well within any company's prerogative to simply *block* SSL traffic at the perimeter, preventing it from being transmitted (on any port, not just 443). And many companies used to do so, before SSL intercepting technologies became more available. So long as employees are informed it's happening, I don't see the controversy. The alternative is no access.

Having said that, while I don't see a controversy, I always tell clients who are considering using such technologies to think carefully. It's within their legal prerogative, but the responsibility in using it and protecting it correctly is non-trivial, and they should weigh that carefully against any potential benefit. But for many organizations with data leak or malware issues, or who just want to not be overly restrictive with internet usage but do want to regulate where and how much access is granted on corporate resources, SSL intercept is the only way to balance those interests.
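The comment above notes that a perimeter can block SSL/TLS "on any port, not just 443". Doing that means the filter cannot rely on the port number; it has to recognise the protocol from the first bytes of the stream. The following is an added example, not code from the original post or from any vendor product, showing how a filter classifies the start of a TCP stream as a TLS ClientHello (and pulls the SNI hostname out of it, which is what an SSL intercept or allow-list policy would key on) regardless of destination port. The `build_client_hello` helper only constructs synthetic test traffic; the sample streams at the bottom are constructed, not captured.

```python
"""Port-independent TLS ClientHello detection for a perimeter filter (added example)."""
import struct


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS ClientHello record carrying an SNI extension.

    This exists only to produce constructed sample traffic for the demo.
    """
    host = server_name.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type=0 + len + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry           # server_name_list
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list          # extension type 0 (SNI)
    body = (b"\x03\x03" + b"\x11" * 32         # client_version + 32-byte random
            + b"\x00"                          # session_id length 0
            + b"\x00\x02\x13\x01"              # one cipher suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00"                      # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body     # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data: bytes):
    """Return the SNI host ('' if none) when data starts with a TLS ClientHello, else None.

    Every offset is bounds-checked so truncated or hostile input returns None
    instead of raising; a filter that crashes on malformed input is a bypass.
    """
    if len(data) < 9 or data[0] != 0x16 or data[1] != 0x03:            # record type handshake, SSLv3/TLS
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    if data[5] != 0x01:                                                 # must be ClientHello
        return None
    hs_len = int.from_bytes(data[6:9], "big")
    if hs_len + 4 > rec_len:                                            # handshake must fit in the record
        return None
    body = data[9:9 + hs_len]
    if len(body) < hs_len or hs_len < 38:                               # version+random+sid_len+cs_len minimum
        return None
    pos = 34                                                            # skip client_version(2) + random(32)
    pos += 1 + body[pos]                                                # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]                # cipher_suites
    if pos + 1 > len(body):
        return None
    pos += 1 + body[pos]                                                # compression_methods
    if pos == len(body):
        return ""                                                       # legal: no extensions block
    if pos + 2 > len(body):
        return None
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    exts = body[pos:pos + ext_len]
    if len(exts) < ext_len:
        return None
    i = 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack("!HH", exts[i:i + 4])
        edata = exts[i + 4:i + 4 + elen]
        if len(edata) < elen:
            return None
        if etype == 0x0000 and len(edata) >= 2:                         # server_name extension
            j, list_len = 2, struct.unpack("!H", edata[:2])[0]
            while j + 3 <= min(len(edata), 2 + list_len):
                ntype, nlen = edata[j], struct.unpack("!H", edata[j + 1:j + 3])[0]
                name = edata[j + 3:j + 3 + nlen]
                if ntype == 0 and len(name) == nlen:
                    return name.decode("ascii", "replace")
                j += 3 + nlen
        i += 4 + elen
    return ""


def classify_streams(streams):
    """Apply a 'block TLS on any port' policy to (dst_port, first_bytes) pairs.

    Returns {dst_port: 'block-tls:<sni>' | 'allow'}; the port is ignored on purpose.
    """
    verdicts = {}
    for port, first_bytes in streams:
        sni = parse_client_hello(first_bytes)
        verdicts[port] = "allow" if sni is None else f"block-tls:{sni}"
    return verdicts


# Constructed sample streams: TLS on 443, TLS hidden on 8080, plain HTTP on 80.
SAMPLE_STREAMS = [
    (443, build_client_hello("mail.example.com")),
    (8080, build_client_hello("proxy.example.net")),
    (80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for port, verdict in classify_streams(SAMPLE_STREAMS).items():
        print(port, verdict)
```

The point of keying on the record header rather than the port is that the 8080 stream gets the same verdict as the 443 one; a port-based rule would have let it through. The same `parse_client_hello` output is what an SSL intercept appliance uses to decide which hostnames to bypass (banking, healthcare) before it ever terminates the connection, which is where the responsibility the comment warns about begins.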

Comment Re:Good if they succeed. (Score 1) 132

Too many governments deliver sub-standard public services without any risk or recourse, especially in big projects. It's not the contractor's fault, it's the contract manager's fault.

Technically, it's both of their faults. However, there's a presumption that the client has far less knowledge and competency in the subject of the contract than the contractor, who is presumptively being hired explicitly for their knowledge and competency. A client that fails to keep its contractors in check is guilty of being naive or lazy. A contractor that fails to deliver on its contract is guilty of professional misconduct. The penalty for the former is and has always been getting substandard deliverables. But the penalty for the latter has traditionally been nothing, and in my opinion it should be extraordinarily high, because they have an actual professional responsibility not to be incompetent.

I have zero compassion for contractors and consultants who over-promise and under-deliver. Particularly large ones that think they are untouchable, and most think they are untouchable.

It always amazes me how almost every government boondoggle is implemented by a private sector hijacking, but almost all the negative attention is focused on the government that should have done better, and not on the thieves that walked away lining their pockets with taxpayer money. It's almost as if there's a belief that governments have an obligation to serve the people and should be judged on that standard, and corporations have an obligation to rape customers and should be congratulated for their efficiency in doing so.

If I were the governor of the state of Oregon, as soon as this project was done I would by executive order ban Oracle from bidding on any state government projects for the next thousand years.

Comment Re:Interesting distinction in terms (Score 1) 231

"Inspired by calculus" is what I like to call our activities. Both because the goal is to get kids inspired by calculus, and to distinguish the activities themselves from formal calculus courses.

That's fair, since calculus (and most math) was inspired by activities not terribly unlike those. Modern calculus (as I'm certain you're aware) was invented by people studying topics somewhat like that with just a bit more intensity.

It also never ceases to amaze me how many people I know can't pass a math class to save their life but can calculate the attack DPS for the characters in their favorite MMO. The power of actually being interested in a subject to drive the desire to learn that subject is highly underestimated.
